Trial by fire* Protected. But under pressure to perform
- Timothy Lynch
- 5 years ago
Transcription
1 Key findings from the 2010 Global State of Information Security Survey: Financial Services. Trial by fire* Protected. But under pressure to perform. What global executives expect of information security in the middle of the world's worst economic downturn in thirty years. October 2009. *connectedthinking PwC
2 This year, everything is different.
3 As in almost every industry, financial services executives are cutting costs. Laying off personnel. And rejiggering spending priorities. Across the enterprise. Across all functions. And including (we thought it safe to assume) information security and privacy protection. That is, before we reviewed the results of the 2010 Global Information Security Survey. PricewaterhouseCoopers 3
4 What the survey reveals is surprising. Security budgets appear to be less vulnerable to cost-cutting, as if executives were protecting them. Yet responses also reveal that security is under enormous pressure to perform. This year, moving from 2009 to 2010, may turn out to be a high-stakes coming of age. A litmus test for a multi-year investment. In the function itself. And in a new generation of security leaders. A trial by fire.
5 Agenda
1. Methodology
2. Spending: A decline in growth rate but a manifestly reluctant one
3. Mounting pressure: Impacts of the economic downturn
4. Breaches: More footsteps and fingerprints as visibility increases
5. Current state of the arsenal: Strong but also largely static
6. A crucial year: Security at an important threshold
7. What this means for your business
6 Section 1 Methodology: A worldwide study
The Global State of Information Security 2010, a worldwide study by PricewaterhouseCoopers, CIO Magazine and CSO Magazine, was conducted online from April 22 through June 15, 2009.
- PwC's 11th year conducting the online survey, 7th with CIO and CSO Magazines
- Readers of CIO and CSO Magazines and clients of PwC from 130 countries
- More than 7,200 responses from CEOs, CFOs, CIOs, CSOs, VPs, and directors of IT and security
- Over 40 questions on topics related to privacy and information security safeguards
- Thirty-two percent (32%) from companies with revenue of $500 million+
- Respondents from financial services industries total 1,165
7 Section 1 Methodology: Demographics
Financial services respondents by company revenue size:
- Large (> $1B US): 36%
- Medium ($100M - $1B US): 21%
- Small (< $100M US): 22%
- Nonprofit/Gov/Edu: 3%
- Don't know: 18%
Financial services respondents by segment:
- Consumer Banking/Finance: 29%
- Commercial Banking: 20%
- Real Estate: 4%
- Mortgage: 3%
- Capital Markets: 6%
- Insurance (life, property, casualty): 26%
- Investment Management: 12%
Numbers do not necessarily add up to 100% due to rounding.
8 Section 1 Methodology: Demographics
Financial services respondents by region of employment:
- North America: 36%
- Asia: 24%
- Europe: 22%
- South America: 15%
- Middle East/Africa: 2%
Financial services respondents by title:
- IT & Security (Other): 36%
- IT & Security (Mgmt): 28%
- CISO/CSO/CIO/CTO: 16%
- Compliance/Risk/Privacy: 11%
- CEO, CFO, COO: 9%
Numbers do not necessarily add up to 100% due to rounding.
10 Section 2 Spending: A decline in growth rate but a manifestly reluctant one
This year, there's a new driver of information security spending in the FS industry, and it's nearly as huge a driver as company reputation.
Question 32: What business issues or factors are driving your information security spending? (Total does not add up to 100%)
- Regulatory compliance: 54%
- Business continuity / Disaster recovery: 48%
- Internal policy compliance: 48%
- Company reputation: 41%
- Economic downturn: 38%
11 Section 2 Spending: A decline in growth rate but a manifestly reluctant one
Not surprisingly, spending on security is under pressure. This year, fewer FS respondents predict spending will increase. Yet what we find most interesting is that nearly two-thirds (64%) expect spending to either increase or stay the same in spite of the worst economic downturn in decades. Or perhaps because of it.
Compared to last year, security spending over the next 12 months will:
- Increase: 40%, 46%
- Stay the same: 24%, 29%
- Decrease: 3%, 16%
- Don't know: 20%, 21%
12 Section 2 Spending: A decline in growth rate but a manifestly reluctant one
Is cancelling, deferring or downsizing security-related initiatives important? Absolutely, according to 7 in 10 FS respondents...
Question 11: To continue meeting your security objectives in the context of these harsher economic realities, how important are the following strategies? (Respondents who answered "Somewhat Important", "Important", "Very Important" or "Top Priority")
- Yes for initiatives requiring operating expenditures: 72%
- Yes for initiatives requiring capital expenditures: 72%
13 Section 2 Spending: A decline in growth rate but a manifestly reluctant one
...but far fewer FS executives are acting on this and actually deferring or reducing budgets for security initiatives.
Has your company deferred security initiatives? (Yes)
- For capital expenditures: 44%
- For operating expenditures: 41%
Has your company reduced budgets for security initiatives? (Yes)
- For capital expenditures: 48%
- For operating expenditures: 47%
14 Section 2 Spending: A decline in growth rate but a manifestly reluctant one
And among the fewer than half that are taking action, most are taking the least dramatic response, either by deferring initiatives by less than 6 months or reducing spending by under 10%.
Has your company deferred security initiatives?
- For capital expenditures: Yes 44%; by less than 6 months 22%; by 6 to 12 months 14%; by 1 year or more 8%
- For operating expenditures: Yes 41%; by less than 6 months 23%; by 6 to 12 months 13%; by 1 year or more 5%
Has your company reduced budgets for security initiatives?
- For capital expenditures: Yes 48%; by under 10% 18%; by 10% to 19% 17%; by 20% or more 13%
- For operating expenditures: Yes 47%; by under 10% 19%; by 10% to 19% 16%; by 20% or more 12%
In short, it appears that some FS executives are reluctant to cut too deeply into security and may, to some extent, be protecting the security function.
16 Section 3 Mounting pressure: Impacts of the economic downturn
Although given a reprieve, of sorts, from the budget knife, the information security function is under pressure to perform.
Question 10: What impacts has the current economic downturn had on your company's security function? (Respondents who answered "Agree" or "Strongly Agree")
- Regulatory environment has become more complex and burdensome: 66%
- Cost reduction efforts make adequate security more difficult to achieve: 56%
- Threats to the security of our information assets have increased: 51%
- Because our business partners have been weakened by the downturn, we face additional security risks: 48%
17 Section 3 Mounting pressure: Impacts of the economic downturn
More than 6 out of 10 FS respondents agree that the downturn has elevated the role and importance of the security function.
Question 10: What impacts has the current economic downturn had on your company's security function? (Respondents who answered "Agree" or "Strongly Agree")
- Regulatory environment has become more complex and burdensome: 66%
- The increased risk environment has elevated the role and importance of the information security function: 61%
- Cost reduction efforts make adequate security more difficult to achieve: 56%
- Threats to the security of our information assets have increased: 51%
- Because our business partners have been weakened by the downturn, we face additional security risks: 48%
19 Section 4 Breaches: More footsteps and fingerprints as visibility increases
So, given FS concerns about the higher risks this year, has the number of incidents increased? Yes. But this is partly, and maybe fully, due to greater visibility into incidents and their causes and impacts (i.e., a multi-year decline in the number of FS respondents who "don't know" the answers to key incident-related questions). Perhaps all the evidence isn't yet on the table. If the downturn-driven, security-related risks that FS respondents are concerned about were fully reflected here, these numbers, and the ones on the next three slides, would be considerably higher.
Number of security incidents:
- No incidents: 21%, 23%, 17%
- 1 to 9 incidents: 23%, 27%, 36%
- 10 to 50 incidents: 6%, 7%, 10%
- 50 or more incidents: 4%, 6%, 5%
- Don't know: 45%, 38%, 32%
20 Section 4 Breaches: More footsteps and fingerprints as visibility increases
The new visibility into incidents also extends to types of security incidents and reveals critical information. Better insight into what types of events are occurring yields two discoveries: The impacts to data are actually 50% higher than reported last year. And the exploitation of data is now the leading type of attack.
Types of security incidents (does not add up to 100%):
- Data exploited (#1): 18%, 15%, 23%
- Network exploited: 17%, 19%, 22%
- System exploited: 13%, 10%, 18%
- Application exploited: 12%, 14%, 17%
- Device exploited: NA, 13%, 16%
- Human exploited (social engineering): 21%, 18%, 16%
- Unknown: 49%, 44%, 35%
21 Section 4 Breaches: More footsteps and fingerprints as visibility increases
Likely sources of incidents: Little change from last year, which may suggest that the true impacts of the downturn had not yet emerged at the time of the survey (April 22 to June 15, 2009). We expect, however, that as the year continues to unfold, more incidents will be traced to former employees, in line with the higher risks to security associated with layoffs and terminations.
Likely source of incidents (does not add up to 100%):
- Current employee: 32%, 33%
- Former employee: 14%, 16%
- Hacker: 29%, 27%
- Unknown: 45%, 37%
22 Section 4 Breaches: More footsteps and fingerprints as visibility increases
Business impacts: While the full damage report for 2009 is not yet clear, the first signs aren't promising. Reported levels for many key business impacts are up: financial losses, IP theft, compromises to brand or reputation and, naturally, loss of shareholder value. With the glaring exception of one, the business impact that's one of the hardest to identify in a timely manner: fraud.
Business impacts (does not add up to 100%):
- Financial losses: 43%, 50%
- Intellectual property theft: 17%, 23%
- Brand/reputation compromised: 28%, 32%
- Loss of shareholder value: 8%, 12%
- Fraud: 32%, 19%
24 Section 5 Current state of the arsenal: Strong but also largely static
If you look hard enough at this year's FS survey responses, and long enough, you'll find a few gains. Has the FS industry advanced its security and privacy capabilities in the past year? In some areas, yes. Such as security leadership, risk assessment, data security, third-party security and physical security.
- Employ a CISO: 45%, 51%
- Employ a CSO: 38%, 45%
- Conduct risk assessments via third party: 41%, 51%
- Have accurate inventory of locations where data is stored: 36%, 48%
- Have incident response process to report breaches and coordinate with third parties handling data: 44%, 52%
- Have a data loss prevention (DLP) capability in place: 33%, 46%
- Integrate physical security and information security personnel: 37%, 55%
25 Section 5 Current state of the arsenal: Strong but also largely static
But the most striking finding among FS responses is that, across all major security domains, the chalk lines have essentially not moved. For the first time in the 12-year history of this survey, the majority of metrics we use to track advances in security-related capabilities across all major security domains (including strategy, structure, people, process and technology) have, by and large, for the financial services industry, not improved.
FS security-related capabilities in 2009: A representative sampling
- Overall information security strategy: 75%, 74%
- Conduct threat and vulnerability assessments: 59%, 59%
- Have people dedicated to monitoring employee use of Internet: 64%, 64%
- Encrypt removable media: 45%, 46%
- Have tools to discover unauthorized devices: 56%, 58%
- Use wireless handheld device security: 50%, 49%
- Have established security baselines for external partners/suppliers: 59%, 61%
- Require employees to complete training on privacy policies/practices: 61%, 61%
26 Section 5 Current state of the arsenal: Strong but also largely static
Why? Global trends are never the result of one factor. One key reason for this "freezing" in the data is the shift in this year's answer pool. There was a 12-point (from 48% to 36%) decline in the number of respondents employed in North America, a decline offset by 6-point increases from those employed in South America and Asia. (In regional response comparisons, South America's security capabilities tend to lag behind those in other regions of the world, while Asia's are currently on a par with North America.) But a second likely reason is impossible to ignore. It's hard to avoid the conclusion that the economic freight train has impacted FS companies more than those in any other industry and largely stopped the global financial services industry's multi-year investment in security capabilities, effectively, if temporarily this year, in its tracks.
28 Section 6 A crucial year: Security at an important threshold
This is a key moment. In short, this year, the FS information security function and its leaders are encountering a powerful combination of factors:
1. The greatest economic turmoil in decades.
2. High levels of executive concerns about risks, and the impact of the downturn on the company.
3. Broad-based consensus that the increased risks have raised the role and importance of the security function.
4. A strong, well-developed portfolio of security capabilities that may not have improved in the past year but is still effective and advanced.
5. Enormous pressure (and opportunity) to deliver concrete, measurable business value now, not just later.
30 Section 7 What this means for your business
So how are FS security executives trying to tighten the alignment of security's contribution with the business? They're looking hardest at, and placing their highest expectations on, initiatives that (1) pull this portfolio of multi-year investments together (strategy and integration); (2) address the big risks first; (3) reduce cost and increase efficiency; and (4) manage the security-related impacts of regulation. But across all of these priorities, the single most important one is increasing the protection of data.
Question 11: To continue meeting your security objectives in the context of these harsher economic realities, how important are the following strategies? (Respondents who answered "Somewhat Important", "Important", "Very Important" or "Top Priority") (Total does not add up to 100%)
- Increasing the focus on data protection: 89%
- Prioritizing security investments based on risk: 88%
- Strengthening the company's GRC program: 87%
- Reducing, mitigating or transferring major risks: 86%
- Refocusing on core of existing strategy: 86%
- Accelerating the adoption of security-related automation technologies to increase efficiencies and reduce cost: 84%
- Adopting a recognized security framework as a means of preparing for upcoming regulatory requirements: 83%
31 Section 7 What this means for your business
This year, a hot priority is addressing the risks associated with social networking. Today a new generation of FS employees is accessing social networks from work in great numbers, often without the knowledge of the IT department and in circumvention of the traditional countermeasures employed by many. Some FS companies have moved quickly to close this gap, but most need to do more.
The chart reports values of 38%, 40% and 29% across three measures:
- Have security technologies that support Web 2.0 exchanges, such as social networks, blogs, wikis and others
- Audit and monitor postings to external blogs or social networking sites
- Have security policies that address access and postings to social networking sites
32 Section 7 What this means for your business
New and evolving regulatory requirements: FS institutions are struggling with their response to new and evolving regulatory requirements (e.g., Red Flags rule; MA 201; PCI). They are treating new requirements as one-off projects, resulting in increased cost of compliance. FS institutions should approach their response more strategically, leveraging other corporate initiatives such as compliance, privacy or security.
- Regulatory environment has become more complex and burdensome: 66%
- Cost reduction efforts make adequate security more difficult to achieve: 56%
- Threats to the security of our information assets have increased: 51%
- Because our business partners have been weakened by the downturn, we face additional security risks: 48%
33 Section 7 What this means for your business
Security incidents on the rise: There has been a recent increase in the number of security incidents, which has led to significant financial losses. In addition, the losses directly impact the level of "trust" customers place in the financial institution.
Number of security incidents:
- No incidents: 21%, 23%, 17%
- 1 to 9 incidents: 23%, 27%, 36%
- 10 to 50 incidents: 6%, 7%, 10%
- 50 or more incidents: 4%, 6%, 5%
- Don't know: 45%, 38%, 32%
Business impacts:
- Financial losses: 43%, 50%
- Intellectual property theft: 17%, 23%
- Brand/reputation compromised: 28%, 32%
- Loss of shareholder value: 8%, 12%
- Fraud: 32%, 19%
34 © 2009 PricewaterhouseCoopers LLP. All rights reserved. "PricewaterhouseCoopers" refers to PricewaterhouseCoopers LLP, a Delaware limited liability partnership, or, as the context requires, the PricewaterhouseCoopers global network or other member firms of the network, each of which is a separate and independent legal entity. *connectedthinking is a trademark of PricewaterhouseCoopers LLP (US). PwC
Equifax Data Breach: Your Vital Next Steps David A. Reed Partner, Ann Davidson Vice President Risk Consulting/ Bond Division Allied Solutions, LLC Do You Remember When this Was the Biggest Threat to Data
More informationA GUIDE TO CYBER RISKS COVER
A GUIDE TO CYBER RISKS COVER Cyber risk the daily business threat to SMEs Cyber risks and data security breaches are a daily threat to everyday business. Less than 10% of UK companies have cyber insurance
More informationCFO OUTLOOK 2018 MIDDLE MARKET
CFO OUTLOOK 2018 MIDDLE MARKET TABLE OF CONTENTS Summary and Key Findings...1 Growth in the Current Environment...2 Emerging Trends...6 An Increasingly Evolving Role...10 SUMMARY AND KEY FINDINGS We are
More informationInsurance Contracts for 831(b) Enterprise Risk Captives Policies and Pooling Agreements
Insurance Contracts for 831(b) Enterprise Risk Captives Policies and Pooling Agreements Jeffrey K. Simpson John R. Capasso Brian Johnson Gordon, Fournaris & Mammarella, P.A. Captive Planning Associates,
More informationPCI security standards: A high-level overview
PCI security standards: A high-level overview Prepared by: Joel Dubin, Manager, RSM US LLP joel.dubin@rsmus.com, +1 312 634 3422 Many merchants often have difficulty understanding how they must comply
More informationDefining your digital strategy in a disruptive world
REPORT Defining your digital strategy in a disruptive world UK Insurance Underwriting Digitisation Study 2017 MAY 2017 Introduction In January 2017, LexisNexis Risk Solutions released a comprehensive study
More informationTRACKING TAX IN YOUR INDUSTRY 4.0 TRANSFORMATION
INSIGHTS FROM THE BDO MANUFACTURING & DISTRIBUTION PRACTICE TRACKING TAX IN YOUR INDUSTRY 4.0 TRANSFORMATION An organization s path to Industry 4.0 may be winding or direct, depending on where they are
More informationBank of America Merrill Lynch Future of Financials Conference 2018
Bank of America Merrill Lynch Future of Financials Conference 2018 Jason Witty EVP, Chief Information Security Officer November 5, 2018 U.S. BANCORP Forward-looking Statements and Additional Information
More informationThe Affordable Care Act and Employer Confidence. Navigating a Complex Compliance Challenge. HR. Payroll. Benefits.
The Affordable Care Act and Employer Confidence Navigating a Complex Compliance Challenge HR. Payroll. Benefits. Contents Introduction 3 Impact of the ACA 4 Extending Coverage Beyond The Shared Responsibility
More informationCommercial Insurance >
Commercial Insurance AIG Commercial Insurance combines one of the world s farthest reaching property casualty networks with our diversified, multichannel distribution network to offer our customers a broad
More informationBusiness Continuity Program Management Benchmarking Report
Business Continuity Program Management Benchmarking Report SAMPLE REPORT 2017 Prepared by BC Management, Inc. Benchmarking. Plan Ahead. Be Ahead. Table of Contents Reporting History 4 Study Methodology
More informationEnterprise Risk Management Perspectives
Enterprise Risk Management Perspectives Enterprise Risk Management Symposium Chicago, Illinois March 30, 2007 Joan Lamm Tennant, PhD Gen Re Capital Consultants Enterprise Risk Management: Perspectives
More information2015 Global Audit Committee Survey. KPMG s Audit Committee Institute. kpmg.com/globalaci
2015 Global Audit Survey KPMG s Audit Institute kpmg.com/globalaci What Our 2015 Survey Tells Us Short of a crisis, the issues on the audit committee s radar don t change dramatically from year to year
More informationCPA Canada Q Business Monitor
CPA Canada Q2 2018 Business Monitor Background document On behalf of: Chartered Professional Accountants of Canada July 17, 2018 Study Information The CPA Canada Business Monitor is issued quarterly, based
More informationDespite global headwinds, U.S. companies see opportunities abroad
International Business Indicator Despite global headwinds, U.S. companies see opportunities abroad April 2016 65 About the Wells Fargo International Business Indicator The Wells Fargo International Business
More informationUsually, in the year following a presidential election,
BY JOHN LABATE In Need of Deficit- Defying Tricks Executives believe that sawing the deficit in half at least should be Bush s top priority Usually, in the year following a presidential election, the promises
More informationHide and Seek - Cybersecurity and the Cloud
Hide and Seek - Cybersecurity and the Cloud Merritt Gigamon Research results August 2017 1 Demographics 500 IT decision makers, with responsibilities such as CloudSecOps (386 respondents), SecOps (367
More informationCommunicating with Your Team and Clients about Your Succession Plan
Communicating with Your Team and Clients about Your Succession Plan If averages hold true, three quarters of the advisers reading this white paper don t have a formal plan in place to transition their
More informationBusiness Continuity: Be Assured
Business Continuity: Be Assured CATCH THE WAVE The world is changing by the minute, both your organization and external forces. It s time for a different approach. Be aware, be engaged, or be swept away.
More informationFrequently Asked Questions
Frequently Asked Questions How do you protect my identity? We use our proprietary software to proactively monitor various sources. Through PrivacyArmor, you will also have the power to create thresholds
More informationInsurance 2020 & Beyond
Insurance 2020 & Beyond México November, 2015 By. Stephen T. O Hearn Leader of the Global Insurance Practice Transformación del Sector Asegurador, más allá de la Regulación Research assessed 32 distinct
More informationAre You Ready for the TILA-RESPA Integrated Disclosures (TRID)? By Vincent Spoto
Are You Ready for the TILA-RESPA Integrated Disclosures (TRID)? By Vincent Spoto 1 Are You Ready for the TILA- RESPA Integrated Disclosures (TRID)? By Vincent Spoto By now, most lenders should be well
More informationCommercial Insurance >
Commercial Insurance AIG Commercial Insurance combines one of the world s farthest reaching property casualty networks with our diversified, multichannel distribution network to offer our customers a broad
More informationEmbracing a new IT reality?
Embracing a new IT reality? A global study of CIO pressures and priorities A research paper from Logicalis Logicalis 1 In summary: In the wake of the global financial crisis and driven by a combination
More informationHow the C-suite view and use thought leadership
TODAY S AGENDA How the C-suite view and use thought leadership A survey of 210 senior executives (CEOs, FDs, HR Directors, CROs, CIOs, CTOs and Sales & Marketing Directors) at FTSE 350 firms What content
More informationSURVEY OF GOVERNMENT CONTRACTOR SALES EXPECTATIONS
SURVEY OF GOVERNMENT CONTRACTOR SALES EXPECTATIONS 2017-18 Executive Summary... 03 Introduction... 05 Profile of Government Contractors Surveyed... 06 TABLE OF CONTENTS Onvia Government Contractor Confidence
More information2010 State of the CIO SURVEY. Exclusive Research from CIO magazine
2010 State of the CIO SURVEY Exclusive Research from CIO magazine JANUARY 2011 EXECUTIVE SUMMARY Cost Control and Improving Productivity and Products Are Top of Mind for CIOs in 2011 End-user workforce
More informationAssurant Investor Overview
Assurant Investor Overview First Quarter 2018 2018 Assurant, Inc. All rights reserved. 1 Cautionary Statements Some of the statements included in this presentation, particularly those anticipating future
More informationHITECH and Stimulus Payment Update
HITECH and Stimulus Payment Update David S. Szabo Agenda HIPAA Breach Notification Rules HITECH and Meaningful Use Open Question Period 2 Data Security Breaches A total of 245,216,093 records containing
More informationGet Smarter. Data Analytics in the Canadian Life Insurance Industry. Introduction. Highlights. Financial Services & Insurance White Paper
Get Smarter Data Analytics in the Canadian Life Industry Highlights Several key findings emerged from the SMA research: The primary focus for sophisticated analytics in L&A has traditionally been in the
More information2015 EMEA Cyber Impact Report
Published: June 2015 2015 EMEA Cyber Impact Report The increasing cyber threat what is the true cost to business? Research independently conducted by Ponemon Institute LLC and commissioned by Aon Risk
More information2016 CIO Agenda: A China Perspective
G00297509 2016 CIO Agenda: A China Perspective Published: 19 February 2016 Analyst(s): Owen Chen Gartner's 2016 CIO survey results show that we are now knee-deep in the era of digital business, with many
More informationCYBER SECURITY SURVEY Business Software Alliance JUNE 5-7, 2002
Interviews: 395 IT professionals Margin of error: +5.0 Interview dates: Ipsos Public Affairs 1101 Connecticut Avenue NW, Suite 200 Washington, DC 20036 (202) 463-7300 CYBER SECURITY SURVEY Business Software
More informationSeverance & separation practices benchmark study
Severance & separation practices benchmark study 2008-2009 From HR executives to the C-suite, a regular discussion item high on the strategic agenda of most successful organizations is employing effective
More informationWho s the boss? Trends in CIO reporting structure
May 2018 CIO Insider Who s the boss? Trends in CIO reporting structure By: Khalid Kark, Anjali Shaikh, and Caroline Brown Introduction critical for CIOs to move quickly, with direct and unwavering support
More informationCyber-Insurance: Fraud, Waste or Abuse?
SESSION ID: STR-F03 Cyber-Insurance: Fraud, Waste or Abuse? David Nathans Director of Security SOCSoter, Inc. @Zourick Cyber Insurance overview One Size Does Not Fit All 2 Our Research Reviewed many major
More informationHot Topics in Software as a Service and Cloud
Hot Topics in Software as a Service and Cloud Presented by: Robert J. Scott www.scottandscottllp.com Speaker Robert J. Scott Cloud Computing Trends Forrester Research estimates the cloud market will reach
More informationA New Era In Information Security and Cyber Liability Risk Management. A Survey on Enterprise-wide Cyber Risk Management Practices.
SP ECIA L REPORT A New Era In Information Security and Cyber Liability Risk Management A Survey on Enterprise-wide Cyber Risk Management Practices October 2011 Sponsored by: A New Era In Information Security
More informationSPEC IAL REPO RT. Information Security and Cyber Liability Risk Management
SPEC IAL REPO RT Information Security and Cyber Liability Risk Management The Fourth Annual Survey on the Current State of and Trends in Information Security and Cyber Liability Risk Management October
More informationStrong Board. Strong Bank Risk Survey MAR 2018 RESEARCH. Sponsored by:
Strong Board. Strong Bank. 2018 Risk Survey MAR 2018 RESEARCH Sponsored by: 2 2018 RISK SURVEY TABLE OF CONTENTS Executive Summary 3 Interest Rate and Credit Risk 5 Cybersecurity 10 Compliance and Regtech
More informationChief Tax Officer Outlook
Chief Tax Officer Outlook Top-of-mind issues for tax leaders fourth global edition April 2017 kpmg.com/tax Never before has the tax department played such an integral role in the success of the business.
More information2013 AT&T Business Continuity Study Results U.S. Trend Data
2013 AT&T Business Continuity Study Results U.S. Trend Data Methodology The 2013 results are based on a national sample of 500 online surveys among Information Technology (IT) executives in companies with
More informationEXCERPT. Do the Right Thing R1112 P1112
MD A n d e r s o n s S t a n d a r d s O f C o n d u c t: EXCERPT Do the Right Thing R1112 P1112 Privacy and Confidentiality At MD Anderson, we are committed to safeguarding the privacy of our patients
More information2016 CIO Agenda: A Nordic Region Perspective
2016 CIO Agenda: A Nordic Region Perspective Published: 19 February 2016 G00298953 Analyst(s): Tomas Nielsen The Gartner 2016 CIO Survey shows that CIOs are building digital business execution platforms
More informationSizing the Standalone Commercial Cyber Insurance Market
Sizing the Standalone Commercial Cyber Insurance Market Cyber liability is a risk that s rapidly permeating every business that relies on digital technology in some phase of its operations which means
More informationDEBUNKING MYTHS FOR CYBER INSURANCE
SESSION ID: GRC-F02 DEBUNKING MYTHS FOR CYBER INSURANCE Robert Jones Global Head of Financial Lines Specialty Claims AIG Garin Pace Cyber Product Leader AIG @Garin_Pace Introduction What Is Cyber Insurance?
More information2018 THE STATE OF RISK OVERSIGHT
2018 THE STATE OF RISK OVERSIGHT AN OVERVIEW OF ENTERPRISE RISK MANAGEMENT PRACTICES 9 TH EDITION MARCH 2018 Mark Beasley Bruce Branson Bonnie Hancock Deloitte Professor of ERM Director, ERM Initiative
More informationRisk Management: Assessing and Controlling Risk
Risk Management: Assessing and Controlling Risk Introduction Competitive Disadvantage To keep up with the competition, organizations must design and create a safe environment in which business processes
More informationSecuring Treasury. Craig Jeffery, Managing Partner, Strategic Treasurer Rosemary Lyons, Business Project Manager, Cigna. You. Are. Not. Done.
You. Are. Not. Done. Craig Jeffery, Managing Partner, Strategic Treasurer Rosemary Lyons, Business Project Manager, Cigna About the Presenter 2 Craig Jeffery, CCM, FLMI Founder & Managing Partner Strategic
More informationThe Risk-based Approach to Data Breach Response Meeting mounting expectations for effective, relevant solutions
The Risk-based Approach to Data Breach Response Meeting mounting expectations for effective, relevant solutions Our Speakers Mark Melodia is Partner and Co-Head of the Global Data Security, Privacy & Management
More informationWhite Paper: Incident Management. By Michael Miora, CISSP President & CEO ContingenZ Corporation
White Paper: Incident Management By Michael Miora, CISSP President & CEO ContingenZ Corporation mmiora@contingenz.com April 20, 2002 Table of Contents Introduction to Incident Management... 2 Incident
More informationCyberMatics SM FAQs. General Questions
CyberMatics SM FAQs General Questions What is CyberMatics? Like telematics for auto insurance, CyberMatics is a technology-driven process to help clients understand their current cyber risk as seen by
More informationTransaction Advisory Services. Managing capital and transactions for your private business
Transaction Advisory Services Managing capital and transactions for your private business Transaction Advisory Services in Canada 1 Staying ahead in an ever changing world Amid ever-changing variables,
More information